Single sign-on (Enterprise)
SAML-based SSO for enterprise identity providers.
Enterprise plans can connect docAnalyzer to your organization's identity provider over SAML so seats sign in with your IdP instead of email and password.
What you get
- Members sign in via your IdP (Okta, Azure AD / Entra ID, Google Workspace, OneLogin, JumpCloud, custom SAML).
- Account provisioning is centralized: onboarding a new seat is one operation in your IdP.
- Off-boarding is centralized: disabling the IdP account locks the seat out of docAnalyzer.
- SSO can be enforced (no email/password sign-in fallback) per workspace.
What it doesn't include
- SCIM provisioning. Not in this scope today. Seats are added by IdP-driven sign-in or manual invitation.
- Per-app group sync. docAnalyzer doesn't currently map IdP groups to roles. Roles are set inside the workspace.
Set it up
SSO is provisioned by docAnalyzer's enterprise team. The flow:
-
1
Contact: open the enterprise contact form or write to support; we'll provision a SAML connection.
-
2
Exchange metadata: you provide the IdP metadata XML (or entity ID + signing cert + URLs); we provide our service provider metadata.
-
3
Test: sign in as a test user from your IdP, confirm the session lands in docAnalyzer.
-
4
Enforce: once tested, your workspace admin can require SSO sign-in for every member.
Timeline varies by IdP but most setups land in 1–3 business days.
After SSO is on
- New seats provisioned in your IdP can sign in to docAnalyzer immediately.
- Existing seats keep their data; their next sign-in routes through the IdP.
- Workspace admin and Owner roles inside docAnalyzer are still managed inside docAnalyzer (not via IdP groups in this release).
What's next
- Invite teammates: manual invites still work; useful for testing or non-SSO members.
- Manage workspaces: workspace settings where SSO enforcement lives.
- Plans and credits: SSO is Enterprise-tier.